Privacy Policy

By entering this website, the visitor consents to the terms of this policy. By submitting his/her
Information to RAMA, the visitor will be treated as having given his/her permission for processing the
same in a manner provided in this policy. At RAMA group, RAMA respects the privacy of individual/visitor and is
committed to take reasonable
precautions to protect information consisting of Personal information and `Sensitive Personal Data or
Information’ (SPDI) (“Information”) of visitors of this RAMA website and comply with all legal, regulatory
and/or contractual obligations related to privacy. RAMA has adopted the “Privacy by Default” principles
in its approach to data privacy i.e. privacy of data and information is upheld first by default.
This policy covers the processing, storage and access to Information as required under lawful and/or
contractual activities with RAMA or otherwise required in the normal course of business. It describes
RAMA’s policies and procedures on the collection, usage and disclosure of Information
provided/received by natural persons and meets the requirements established under:

Scope

This policy applies to all visitors of this RAMA ’s website.

Information covered by this policy

This policy applies to Information collected and processed by RAMA consisting of following:
2.1 Personal information is information related to a visitor, or a combination of pieces of information
that could reasonably allow him to be identified. Personal information may consist of full name,
personal contact numbers, residential address, email address, gender or date of birth. While information
such as date of birth in isolation may not be enough to uniquely identify the visitor, a combination of full
name and date of birth may be sufficient to do so.
2.2 Sensitive personal data or information (“SPDI”) is such personal information that is collected,
received, stored, transmitted or processed by RAMA , consisting of

Password

Financial information such as bank account or credit card or debit card or other payment instrument
details

Physical, physiological and mental health condition

Sexual orientation

Medical records and history

Biometric information

Any detail relating to the above personal information categories as provided to RAMA for providing
service

Any of the information received under above personal information categories by RAMA for
processing, stored or processed under lawful contract or otherwise

Please note that any information that is freely available or accessible in public domain or furnished
under the Right to Information Act, 2005 or any other law for the time being in force shall not be
regarded as sensitive personal information.

Purpose

RAMA shall collect and use Information for legitimate business purposes in order:

that a visitor may download product information, order products and take advantage of certain other
features of RAMA ’s website;

to provide information or interactive services through this website, to the visitor’s e-mail address or,
where the visitor wishes it to be sent by post, to the visitor’s postal address;

to seek the visitor’s feedback or to contact the visitor in relation to the services offered on RAMA ’s
website;

to process orders or applications submitted by the visitor;

to administer or otherwise carry out RAMA ’s obligations in relation to any agreement that the visitor
may with RAMA

to anticipate and resolve problems with any goods or services supplied to the visitor;

to create products or services that may meet the visitor’s needs;

to process and respond to requests, improve RAMA ’s operations, and communicate with visitor/s about
RAMA’s products, services and businesses; and
to allow the visitor to subscribe to RAMA’s news alerts

Collection of information

Only minimum Information required to meet the purposes mentioned in this policy shall be collected
from the visitor/s. Neither RAMA nor its representatives shall be responsible for the authenticity of such
Information provided by the visitor/s. As normal business practice, RAMA may collect Information in
order to enable the secure online authentication, interaction and transaction with natural persons. This
may include the installation of cookies and the collection of other session data.

Access, correction of information and withdrawal of consent

Any modifications / corrections required to the Information can be carried out on the website. In the
event the visitor is unable to do so due to lack of functionality in RAMA ’s website and / or the visitor
wants to withdraw his / her consent to provide SPDI, he / she may contact the Grievanceofficer, the
details whereof are provided in clause 8 of this policy.

Retention, processing and storage of information

RAMA shall retain Information for only as long as necessary to meet legal or regulatory
requirements or for legitimate business purposes as mentioned in this policy.
RAMA has implemented required security practices and standards in line with the global standards
and have a comprehensive documented information security program and policy in place, which
contains managerial, technical, operational and physical security control measures that commensurate
with the information assets being protected with RAMA ’s nature of business. It is being reviewed
periodically to keep pace with business, technology and regulatory changes.

Disclosure of information

7.1 RAMA shall not use or disclose Information for purposes other than as mentioned in this policy,
except
with the consent of visitor providing such Information or as required by law. However, RAMA may
be
legally required to disclose the Information in the following cases:

Where the disclosure is necessary for compliance of a legal obligation

Where mandated under the law by government agencies to disclose such Information

7.2 Where necessary, RAMA may disclose Information to business partners or third parties during the
normal course of business for the purposes mentioned in this policy. In such cases, RAMA will only
share Information related data when RAMA is assured that:

The Information is processed legitimately and appropriately by the business partner or third party in
line with the established consent or in line with legal requirements.

The business partner or third party has adopted a reasonable and equivalent level of security
practices
and procedures to ensure security of the Information shared.